Blog Authors:
- Thiébaut Meyer, Director, Office of the CISO, Google Cloud
- Bhavana Bhinder, Security, Privacy and Compliance Advisor, Office of the CISO, Google Cloud
- Leon O’Neill - Risk and Compliance , Google Cloud
We are thrilled to announce a significant milestone in our commitment to the French and European healthcare communities. Google Cloud has officially achieved the Health Data Hosting (Hébergement de Données de Santé - HDS) v2.0 certification, the latest and most stringent standard for securing sensitive health information in France.
This achievement makes us one of the first hyperscale cloud providers to be certified on this new v2.0 framework, a clear reflection of our dedication to providing a platform built on the highest principles of trust, security, and compliance.
HDS v2.0: a new challenge
The HDS certification has long been the gold standard in France, ensuring that any organization handling personal health data adheres to rigorous security,privacy controls and digital sovereignty. The new v2.0 framework strengthens the bar significantly and introduces new stricter requirements.
Developed by the French Digital Health Agency (Agence du Numérique en Santé - ANS), HDS v2.0 is not just an update; it is a modernization designed to address the realities of today’s evolving threat landscape and the specific architectures of modern cloud environments. It introduces more demanding requirements around:
- Strengthening Data Sovereignty and Protection: HDS v2.0 introduces new requirements to provide stronger guarantees for data protection, reinforcing the principles of data sovereignty—a critical consideration for sensitive health information. Certified products can store protected health information (Données de Santé à Caractère Personnel) within the EEA (European Economic Area). Refer to the HDS certification for products covering activities 1 to 5, as defined in Article R-1111-9 of the French Public Health Code.
- Integrating Global Best Practices: HDS v2.0 incorporates the latest evolutions of the international ISO 27001 standard, ensuring that the certification is not only aligned with French regulations but also with global cybersecurity best practices
By achieving this certification which covers both Google Cloud and Google Workspace, we are not just complying with regulation; we are demonstrating that our platform meets the future-focused security posture that the French healthcare ecosystem demands. While many providers still operate under the previous version, our customers can be confident they are building on a platform that is already aligned with tomorrow's highest standards.
More than a certificate: a commitment to Trust
At Google Cloud, trust is our highest priority. This is where our Shared Fate model comes into practice. Your security and compliance are intrinsically linked to ours. This HDS v2.0 certification is a tangible result of that belief—representing countless hours of engineering effort, rigorous third-party audits, and a foundational investment in building security into every layer of our platform.
Shared Fate means we are not just a vendor; we are a partner. We continuously invest in the security and compliance of our infrastructure so that you can confidently build on a platform designed to protect the confidentiality, integrity, and availability of your most critical data.
What does it mean for our customers and partners?
Our HDS v2.0 certification empowers the entire healthcare value chain, providing the trusted foundation needed for digital transformation and innovation.
- For hospitals and care providers: you can confidently migrate critical workloads to the cloud, enabling secure access to patient records, advancing telehealth initiatives, and leveraging data analytics to improve patient outcomes, all while adhering to the highest compliance standards.
- For pharmaceuticals and biotech: you can accelerate your time-to-market. By building your applications on our HDS v2.0 certified platform, you inherit a significant portion of the security and compliance burden, allowing you to focus on what you do best: building the future of healthcare.
- For research institutes: you can conduct sensitive research on a secure, scalable, and compliant platform. Collaborate with confidence, knowing that the underlying infrastructure meets the stringent requirements for protecting genomic and clinical trial data.
Ready to leverage HDS v2.0?
The French Public Health Code requires mandatory provisions to be included in contracts for the hosting of personal health data. Google Cloud offers contract terms for Google Cloud and Google Workspace to address these requirements. The contract terms include a HDS addendum that customers can onboard to via their Google Cloud console. You can read more about HDS v2.0 compliance on our dedicated compliance card here and contact your Google Cloud Representative for further details.
It's also important for customers to be aware of the new HDS v2.0 sovereignty requirements. This ensures that only certified products are utilized for storing protected health information (Données de Santé à Caractère Personnel) within the EEA, further strengthening data protection. The HDS certification clearly outlines which products cover activities 1 to 5, providing transparency and confidence in data handling.
Building the Future of Health, Together
Achieving the HDS v2.0 certification is a key part of our ongoing mission to be the most trusted technology partner for the healthcare industry. It is a clear signal of our commitment to the specific needs of the French market and our dedication to helping our customers innovate securely.
We are incredibly proud of this achievement and look forward to continuing our partnership with healthcare organizations across France as they build what’s next.
Read more about our compliance resources or explore our commitments to the healthcare industry.
